Phorm: damn the EU, full speed ahead!

The EU has some tough questions for the UK government about why it never …

Phorm—even the name conjures up "phear" among opponents of the company's targeted advertising technology. But what does Phorm say about itself? Its stated goal is "to create a new, more responsive, intuitive kind of Internet experience, and that sounds hard to beat. But the EU has some hard questions about the way the company has gone about its business, and it wants answers that the UK government appears strangely unwilling to provide.

Phorm's business model is much like that of NebuAd here in the US: partner with ISPs, slurp up all that delicious user surfing data, then use it to toss users into various content silos. Visit photo blogs, for instance, and your profile will be tagged as being interested in photography, though the actual websites that have been visited will not be logged. These categories will be used by websites that partner with Phorm in an attempt to provide more relevant ads to users (and receive better rates from buyers).

In Phorm's view, this is a "privacy enhancing" and "unbelievably awesome technology" that is up there with the iPhone when it comes to innovation. To critics, it sounds a lot like snooping on people's Internet connections, especially when (as in the NebuAd trials here) users had to explicitly opt-out, were often not given clear notification, and still had to settle for all their traffic passing through the NebuAd boxes anyway.

The European Union, which has passed several strict data protection laws, has been asking some hard questions about Phorm. Not so much about its technology as about the way the company partnered with BT, a leading UK ISP, to conduct secret trials of the system (the system is now public, and is called "WebWise"). The UK government has looked into the matter, but its responses to the EU have not been satisfactory, focusing only on future deployments and not addressing the key question of the past trials.

The EU is trying to get answers once again. The Register, which has been covering Phorm developments in the UK with a tenacity more often seen in British bulldogs, has learned that the EU has now sent a third letter to the UK government demanding answers about the trials back in 2006 and 2007. If it doesn't get a good answer as to why the secret collection of user data is not illegal (as it apparently should be), the European Commission could take the UK to court.

Future deployment rules

UK regulators have laid down rules for any future deployments of Phorm gear, and those rules require the company to not retain website history data, exclude sensitive search topics (health, porn), get the "agreement of the customer," and provide an "unavoidable statement" about the technology that consumers must act on before it is operational.

The rules sound like a good start, especially when compared to the less-than-robust "notification" processes we saw in the NebuAd trials. But the UK's Open Rights Group complains that no one is even talking about a huge legal issue: does Phorm need the permission of both the users and the websites that they visit in order to legally intercept communications?

"Unless the ISPs employing Phorm’s technology to intercept the communications between their customers and the owners of the websites their customers are visiting have the explicit consent of both parties," said the group last year, "they are likely to be committing an offence under the Regulation of Investigatory Powers Act (RIPA), the legislation that governs interception of communications in the UK."

Between challenges from activist groups like ORG, grassroots groups like Bad Phorm, and the threat of an EU legal challenge to the company's trials, deployment could certainly be derailed. But with the UK government already giving its blessing to the basic system being proposed, Phorm doesn't appear to be worried.

In an interview on Monday, the company's CEO pledged that the deal between Phorm and BT would go ahead, and by the end of 2009. The company has also signed deals with Carphone Warehouse and Virgin Media, so the next year could see Phorm systems in place across the UK's most popular ISPs.